The Data Protection Officer (DPO) has been appointed, a corresponding forwarding via the e-mail address published in the data privacy statement, which directs the e-mail exclusively to the mailbox of the appointed DPO, has supposedly been set up. The availability of the data privacy officer for data subjects is thus permanently ensured. Really? Unfortunately, no! And the “no” can have unpleasant consequences for the data controller, i.e., for the company!
Read more … Requirements for the availability of the Data Protection Officer
The case of a customer dying does not (hopefully) occur frequently. Most of the time, however, responsible companies are at a loss at first. What do they have to consider in terms of data protection law when they discover that one of their customers has died? In the following, we would like to point out some of the problems that we encounter again and again in our day-to-day work as data protection officers and what responsible companies need to bear in mind.
Payment processing via service providers is convenient, fast and easy – for customers and responsible companies. In the following we explain what companies in charge of data protection have to observe if they want to use payment service providers for payment processing with their customers.
The more detailed data processing operations are considered in corporate practice, the more data protection problems seem to arise. How does it look e.g. with the use of personalized contact details that have been sent to my company by business partners and are assigned to the employees of the business partner?
von Ramona
In this technical article we dealt with the so-called “data protection coordinator”. Not least because of the increasing requirements from the General Data Protection Regulation, more and more companies are deciding to appoint an external data protection officer. A data protection coordinator should be assigned to this in the company. But what exactly is a data protection coordinator and what is his job? What is the difference between data protection officers and data protection coordinators? We clarify these and other questions in this blog post.
Read more … simply explained: the data protection coordinator
The digitization of processes, the outsourcing of data to cloud solutions, email archiving, the implementation of the requirements from the GoBD with regard to the documentation of digital business processes with corresponding storage solutions and backups as well as the handling of the extensive requirements for IT security and data protection resulting from all this are all part of the The center of the action.
Data storage is increasingly moving to the clouds, away from local servers. What many companies are not aware of: Although it is practical to hardly have to worry about anything, you still have to ensure data protection and information security yourself.
Read more … Information security and data protection in clouds
Violations of the GDPR can cost companies dearly. The first thing that usually comes to mind are the high regulatory fines that are widely reported in the press. But not only high fines from the supervisory authorities threaten defaulting companies with incorrect information – compensation for pain and suffering can also be due, as the judgment of the Düsseldorf Labor Court of March 5, 2020 showed (Az. 9 Ca 6557/18). The reasoning for the judgment contained some fundamental statements regarding immaterial damages in connection with the violation of the GDPR.
Read more … GDPR violation: Compensation for incomplete and late information
The Federal Association for Information Technology, Telecommunications and New Media e. V. (Bitkom) has commissioned a study on the implementation of the GDPR in companies, the results of which were presented on September 29, 2020. According to this, half of the companies surveyed did not introduce new projects due to the requirements of the GDPR. Only 20% of the companies stated that they have now fully implemented the GDPR.
von Ramona
“More paperwork, more documentation. That is just a hindrance and does not help anyone ”. Most likely react in this way or something similar when it comes to keeping a record of the processing activities that, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The loss of image due to publications is often greater than the resulting financial damage.
Read more … Processing activities – what should be considered?